package com.kc.filter;

import com.kc.util.ResponesBean;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.annotation.Resource;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;


/**
 * 跨域解决
 * 自定义异常待定
 */
public class ShiroTokenRolesAccess extends RolesAuthorizationFilter {

    private static final Logger logger = LoggerFactory.getLogger(ShiroTokenRolesAccess.class);

    @Resource
    private ResponesBean responesBean;

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {

        logger.info("进入权限过滤器");

        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;

        if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())){
            httpServletResponse.setStatus(HttpStatus.OK.value());
            return true;
        }else {
            responesBean.responseError(request,response,405,"没有登录或者没有权限查看此页面",null);
            return false;
        }
    }
}
